Getting DNS record types

Getting DNS record types
Linux host command can help you find the IP address of a web URL

Using the Linux host Command

DNS is like a telephone book of the Internet. DNS or Domain Name Servers help you translate the web URL to their underlying IP addresses.

For humans, it is easy to remember as compared to numbers such as which is the IP address of

So this means that when you type in your Internet Browser such as IE, Chrome or Firefox, the ISP looks up the DNS server to find the IP address and redirects you to where actully lives.

host is a command line linux utility for performing DNS lookups. It can be used to convert names to IP addresses to domain names and vice versa. You can get its command line arguments by typing host in the terminal. Here are the options you could use with the host command:

typing host in the terminal lists the command options

You can specify a domain name that you want to pull information from. You can also specify an IPv4 address or an IPv6 address (colon delimited). It will perform a reverse lookup for that IP address. Here is how my website information is fetched by the simple host command: host has address mail is handled by 1

Other examples of using host commands

Finding Nameservers: A nameserver maintains a directory of domain names that match certain IP addresses. In other words, it’s where the DNS server records for your domain are stored, allowing you to decide which hosting providers controls your webspace and email.

host -t ns name server name server

-t specifies the type of record. ns means nameserver and then the domain name.

Find IPv4/6 address: if you want to look for IPv4 or IPv6 address you can:

host -4 has address mail is handled by 1

host -6 has address has IPv6 address 2a00:1450:4009:81e::2003 mail is handled by 0

Find MX records, a mail server responsible for accepting email messages on behalf of a recipient’s domain, and a preference value used to prioritize mail delivery if multiple mail servers are available.

host -t mx mail is handled by 1

host -t mx mail is handled by 5 mail is handled by 5

FTP and SSH address: some times targets do have ftp or ssh addresses as well. you can enumerate by:

host -t a has address

Find SOA (Start of Authority) records: Every domain must have a Start of Authority record at the cutover point where the domain is delegated from its parent domain. For example if the domain is delegated to DNSimple name servers, we must include an SOA record for the name in our authoritative DNS records. We add this record automatically for every domain that is added to DNSimple.

host -t soa has SOA record 2005139024 28800 3600 604800 3600

The SOA record includes the following details:

  • The primary name server for the domain, which is or the first name server in the vanity name server list for vanity name servers.
  • The responsible party for the domain, which is
  • A timestamp that changes whenever you update your domain. 2005139024
  • The number of seconds before the zone should be refreshed. 3600
  • The number of seconds before a failed refresh should be retried. 28800
  • The upper limit in seconds before a zone is considered no longer authoritative. i.e. expiry = 604800
  • The negative result TTL (for example, how long a resolver should consider a negative result for a subdomain to be valid before retrying). 3600

Get txt records by:

host -t txt descriptive text "apple-domain-verification=30afIBcvSuDV2PLX" descriptive text "google-site-verification=TV9-DBe4R80X4v0M4U_bd_J9cpOJM0nikft0jAgjmsQ" descriptive text "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e" descriptive text "MS=E4A68B9AB2BB9670BCE15412F62916164C0B20BB" descriptive text "globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8=" descriptive text "google-site-verification=wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o" descriptive text "docusign=1b0a6754-49b1-4db5-8540-d2c12664b289" descriptive text "v=spf1 ~all" descriptive text "facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95"